
Logs

Demonrex
created

Hey, recently an entire game folder got deleted all by itself O.o. I decided to check it out. I have Vista Home Premium 32-bit.


Thanks in advance

Guest
comment
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:/oem/podziekowania/podziekowania.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Fix the above-mentioned entries in HijackThis:

>>Hijack>>scan (Do a system scan only)>>select them>>Fix checked

Post a log from -----> ComboFix.

Demonrex
comment

Log from ComboFix:

Mateusz J.
comment

The log is clean.

Delete C:\QooBox if such a folder was created.

Scan the computer with an online scanner (Kaspersky).

Demonrex
comment

I scanned it. Clean. Any other ideas?

Mateusz J.
comment
Any other ideas?
It's not the fault of viruses.

The only thing that comes to mind is that someone deleted it by accident.

Did you do a system restore?

Demonrex
comment

I'm not after restoring the game. I was worried that my computer was infected, that's all. Thank you all for the help. I'm rewarding it with a plus :).
